An Ancient Kernel Hole is (Not) Closed

The "stack clash" series of vulnerabilities was a prime opportunity to demonstrate the strength of grsecurity's approach to security. Unlike upstream Linux and other OSes, the issues uncovered had been unexploitable under grsecurity for many years.

The Infoleak that (Mostly) Wasn't

Close, but No Cigar: On the Effectiveness of Intel's CET Against Code Reuse Attacks

Intel's recent announcement of hardware support for a form of Control Flow Integrity (CFI) has raised a lot of interest among the expert press as well as the popular press. As an interested party, we've decided to look at some of the details and analyze the strengths and weaknesses of Intel's Control-flow Enforcement Technology (CET).

False Boundaries and Arbitrary Code Execution

This often-cited post provides a detailed reference to the Linux capability system, subjecting it to critical analysis through the lens of ambient authority, with the revelation that most capabilities are equivalent to full root access if an attacker has arbitrary ability to exercise the capability. It finishes with a discussion on how this plays into PaX's design and grsecurity's RBAC system.

Recent ARM Security Improvements

This post contains a detailed blueprint for the novel design and implementation of PaX KERNEXEC and UDEREF on ARM, preventing ambient direct userland access from the kernel as well as preventing arbitrary code execution in the kernel.

Assorted Notes on Defense and Exploitation

This post presents a defense of so-called "ad-hoc" memory corruption defenses, comparing their practicality and effectiveness to calls to rewrite all software in safe languages, as proposed by a cited presentation. It also drives home the message of seeking details instead of believing security buzzwords like "sandbox".

About grsecurity

grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening measures that generally require no configuration.